Sefas Data Breach Exposes Nearly 200,000 Frost Bank Customers
Global software vendor Sefas disclosed a data security incident that compromised sensitive personal information of 191,848 Frost Bank customers. The breach, detected on April 16, 2026, involved unauthorized access to an SFTP server used for software support, with attackers downloading files containing customer data between December 2025 and April 2026.
The exposed data included names, addresses, Social Security numbers, taxpayer IDs, account numbers, dates of birth, and loan numbers. Sefas confirmed the breach was contained to the SFTP server and ceased after April 16, with no evidence of further compromise. Frost Bank was notified on April 22, 2026, and the incident was reported to Texas state regulators.
Separately, the Everest ransomware gang claimed responsibility for exfiltrating 250,000 Social Security numbers from Frost Bank, listing the bank on its dark web leak site in April 2026. The group did not disclose ransom demands or payment status, and Frost Bank has not publicly responded to the claims.
Sefas has offered affected individuals one year of complimentary identity protection and credit monitoring through CyberScout. The investigation, supported by external cybersecurity experts, remains ongoing.
Sefas North America cybersecurity rating report: https://www.rankiteo.com/company/sefas-north-america
Frost cybersecurity rating report: https://www.rankiteo.com/company/frostbank
"id": "SEFFRO1779972477",
"linkid": "sefas-north-america, frostbank",
"type": "Ransomware",
"date": "4/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '191848',
'industry': 'Financial Services',
'name': 'Frost Bank',
'type': 'Bank'}],
'attack_vector': 'Unauthorized access to SFTP server',
'customer_advisories': 'One year of complimentary identity protection and '
'credit monitoring through CyberScout',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '191848',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Addresses',
'Social Security numbers',
'Taxpayer IDs',
'Account numbers',
'Dates of birth',
'Loan numbers']},
'date_detected': '2026-04-16',
'description': 'Global software vendor Sefas disclosed a data security '
'incident that compromised sensitive personal information of '
'191,848 Frost Bank customers. The breach involved '
'unauthorized access to an SFTP server used for software '
'support, with attackers downloading files containing customer '
'data between December 2025 and April 2026. The Everest '
'ransomware gang also claimed responsibility for exfiltrating '
'250,000 Social Security numbers from Frost Bank.',
'impact': {'data_compromised': 'Sensitive personal information including '
'names, addresses, Social Security numbers, '
'taxpayer IDs, account numbers, dates of '
'birth, and loan numbers',
'identity_theft_risk': 'High',
'systems_affected': 'SFTP server'},
'initial_access_broker': {'entry_point': 'SFTP server',
'reconnaissance_period': 'December 2025 - April '
'2026'},
'investigation_status': 'Ongoing',
'ransomware': {'data_exfiltration': '250000 Social Security numbers',
'ransomware_strain': 'Everest'},
'references': [{'source': 'Cyber incident disclosure'}],
'regulatory_compliance': {'regulatory_notifications': 'Reported to Texas '
'state regulators'},
'response': {'containment_measures': 'Breach contained to SFTP server and '
'ceased after April 16, 2026',
'third_party_assistance': 'External cybersecurity experts'},
'threat_actor': 'Everest ransomware gang',
'title': 'Sefas Data Breach Exposes Nearly 200,000 Frost Bank Customers',
'type': ['Data Breach', 'Ransomware']}